- CXF-7315 - Abstract the STS client token caching behaviour to allow the user to plug in a custom implementation
- CXF-7296 - Add support to enable revocation for TLS via configuration (see here).
- CXF-7314 - Custom BinarySecurityTokens are not used to set up the security context
- CXF-4692 - Allow customization of Request Security Token Response
- CXF-7252 - TLSParameterJaxBUtils.getTrustManagers getting password from wrong system property
Tuesday, April 18, 2017
Apache CXF 3.1.11 released
Apache CXF 3.1.11 (and 3.0.13) has been released. This release fixes a large number of bugs (there are over a 100 issues fixed in the CXF JIRA for this release). From a security POV, here are some of the more notable bug fixes and changes: